Trump Orders The Cyber To Be Fixed In The Next Sixty Days

from the all-power-to-C:-drive dept

No one likes it when a new boss takes over the office and starts acting like the entire operation can be turned around in a matter of days, if not hours. A "can do" spirit is overrated, especially when it's possessed by someone who knows almost nothing about the day-to-day business or, indeed, anything about this sort of business in general.

But that's what we have going on here. Within days of taking over the job, the new President has unleashed multiple orders and directives to FIX EVERYTHING… with details to follow sometime between "shortly" and "never." The plan to "make America great again" involves:

Telling Americans you're going to "fix" all of these things.

Telling government agencies and officials that they're going to fix all these things.

Today, the Washington Post published what appears to be a draft of an executive order to be signed by President Donald Trump. The order, entitled “Strengthening US Cyber Security and Capabilities,” puts flesh on the bones of the “cyber review” promised by Trump during the campaign. It spells out who will conduct the review and what its specific goals are. The order also sets a brisk pace for the review, calling for initial recommendations for the security of “national security systems” and critical infrastructure within 60 days. The review also has a 60-day deadline to provide the president with a list of “principal cyber adversaries.”

While fire-in-the-belly proclamations aren't unique to the new president, the expectation that multiple officials and agencies will be able to come up with what's required in the next 60 days borders on ridiculous. There's also a 100-day window for recommendations on how to draft the private sector into the government's cyberwar. At this point, multiple agencies are still fighting over who gets to be the top cyberwarrior, as well as whose particular data silo gets to be the biggest. Expecting something coherent in the next couple of months is delusional.

This administration-ordered time crunch -- as unrealistic as it is -- isn't limited to President Trump. As Ars Technica's Sean Gallagher points out, President Obama did the same thing. His 2015 cybersecurity "sprint" order was just as misguided. In the end, all Obama got out of it was some agency head resignations. Government systems are still, for the most part, as insecure as they've been since before the "sprint," when the Government Accountability Office reported that 23 out of 24 agencies surveyed failed to meet information security standards.

But this sort of speedy order is swiftly (no pun intended) becoming a Trump trademark. America's problems can apparently be solved with presidential "to do" lists fired off to a variety of agencies. He appears to believe that if he orders it, it will be done. How do you win the War on Terror, currently in year 16 of ∞? Easy. Come up with a plan to win and then win.

(ii) Within 30 days, a preliminary draft of the Plan to defeat ISIS shall be submitted to the President by the Secretary of Defense.

(iii) The Plan shall include:

(A) a comprehensive strategy and plans for the defeat of ISIS;

It's breathtaking in its simplicity. It's a shame no previous presidents had the forethought to demand a plan to defeat ISIS. And it's doubly-shameful no one involved in the War on Terror could be bothered to formulate a plan for beating terrorists until the president demanded one. Trillions of taxpayer dollars could have been saved if only George W. Bush had demanded a "comprehensive strategy for the defeat of [current top terrorist organization]" to be delivered to him by the end of 2001, AT THE LATEST.

NBC is reporting that the document [immigration/visa order] was not reviewed by DHS, the Justice Department, the State Department, or the Department of Defense, and that National Security Council lawyers were prevented from evaluating it. Moreover, the New York Times writes that Customs and Border Protection and U.S. Citizen and Immigration Services, the agencies tasked with carrying out the policy, were only given a briefing call while Trump was actually signing the order itself. Yesterday, the Department of Justice gave a “no comment” when asked whether the Office of Legal Counsel had reviewed Trump’s executive orders—including the order at hand. (OLC normally reviews every executive order.)

This process is a reflection of Trump's personality, and it's not a good look for someone in the most powerful office in the world. The federal government often has trouble accomplishing the mundane. Now, its new boss wants it to deliver miracles and is only willing to wait a couple of months for them to be delivered. At some point, realism has to set in, but we're still at the point where the new president believes mountains can not only be moved, but have always been able to be moved at the slightest notice. All that's been missing is someone willing to order the mountain's relocation.

Reader Comments

Easy fix

Fixing cyber security is easy! Just institute a policy whereby anyone writing their username and password on a post-it and sticking it to the monitor or a bulletin board, or writing their username and password on a chalkboard or whiteboard will be summarily fired (preferably out a cannon). Passwords will also no longer be up to the user - they will be issued by IT every month.

Re: "My plan is to make you come up with a plan... that I will then take credit for if it works."

Maybe this falls under stage 2 of his mandate which is to reduce government size. I mean he would be totally justified in firing whole departments who failed to deliver upon his completely achievable orders on time, right?

Re: Re: Re: Re: "My plan is to make you come up with a plan... that I will then take credit for if it works."

Which might work if you know that what you're asking for isn't likely to be accomplished in the time frame provided, even if they can work towards it, but whether or not Trump knows and is willing to admit that remains to be seen.

Re: "My plan is to make you come up with a plan... that I will then take credit for if it works."

That is because he has a simple plan, tell others to fix the problems, and the people he tells, being senior management, will use the same plan and tell their underlings to fix the problem who will... until solving the problem is assigned to someone with no underlings.

Re:

Donald ought to try a "physician, heal thyself" approach, starting by throwing away his obsolete insecure phone (https://www.wired.com/2017/01/trump-android-phone-security-threat/), which could be (and probably already has been) turned into a remote-controlled bug just by tweeting him a malware link designed to catch his attention (e.g. "Miracle Lotion Can Make Your Hands Grow To Normal Size!").

Re: Re:

Don't you think that a President who would order every government agency to 'fix the Cyber' in 60 days would be smart enough to stuff his insecure phone into a Faraday bag when he is not using it, or especially when he is discussing high security items with his cohorts (strike out) advisers? See, he fixed 'His Cyber', waiting on everyone else.

Re:

Hell, we are still worrying about heartbleed. While money can't solve everything, it does give us more options. The man isn't a politician, he might learn, we might teach him. Let go of your anger, it never put you in the right, only the wrong. Funny no one saw him coming, and now he is here and others can't deal with it with anything but ignorance hate. Who is the idiot now? Is that who you, or is that who whom?

Re:

Imagine some asshole grabbing your pussy ... oh wait, you don't have one. Ok, imagine someone taking out a full page ad demanding your arrest and incarceration. You would be good with that? The guy is a loose cannon wreaking havoc on deck and the gale force winds are not letting up, what do you do? Get rid of that POS. But noooo - anyone who questions fearless leader is consumed by hatred and ignorance according to this one person posting their bullshit. Who is the idiot, it is still dumpf.

2 days tops. And 58 days lolling in the sun with a margarita.

Re: 2 days tops. And 58 days lolling in the sun with a margarita.

Remember, after you break the cyber you have to drill through the other locks and then convince the FBI to turn off the power by staging a terrorist attack first. Also, look out for barefoot guys in tank tops.

Re: Re: Re:

Re: Re:

Decent job so far includes pissing off all your allies and enemies at the same time, violating the constitution on day one with further infractions on each and every day thereafter, and having the worst approval ratings for a new president in the history of measuring such a thing. The guy is a loser, admit it.

Agency created/bought malware

Does this order include fixing the malware being rolled out by various multi-lettered agencies? Will that fix involve telling everyone about them, or will that fix involve actually disinfecting infected computers, or both?

You can do that?!

(ii) Within 30 days, a preliminary draft of the Plan to defeat ISIS shall be submitted to the President by the Secretary of Defense.
(iii) The Plan shall include:
(A) a comprehensive strategy and plans for the defeat of ISIS;

Forget ISIS, I had no idea the president could simply order a problem to be solved like that, and in a single month at that.

Re: You can do that?!

Re: Re: You can do that?!

You mean decide if P == NP, right?

If P = NP, then P == NP by definition, unless you're running in parallel and assignment is not atomic. Then if P = NP we still need to decide if P == NP. Maybe what you really meant was NP = P. That would/could be good.

Re: Cyber enemies list.

If you define 'enemies' not just as 'groups that would like to attack us' but 'and those that would like to make it easier for them to do so', you could tack on several USG agencies and more than a few politicians to that list too. Like say, anyone who advocates for crippling encryption.

Not getting the Trump bashing

The President's powers are limited. Unlike most politicians he is actually trying to do what he said he would do.

Ordering any government agency to do anything within 60 days is like asking to move a mountain. But that just highlights how inefficient government is at doing anything. Maybe some changes could make government more efficient, maybe Trump is simply wasting paper, time will tell.

Re: Not getting the Trump bashing

"Ordering any government agency to do anything within 60 days is like asking to move a mountain"

I beg your pardon! I realize that it sometimes takes hours for the government to screw things up, but I'm absolutely certain, with a job this big, and this much pushing behind it, they can screw it up in seconds!

Moving a mountain is easy. Finding that damned lever and a proper fulcrum are the parts that're a pain in the ass!

Give him a chance

Clearly you all know nothing about security. Donald Trump has one of the best security advisors in the history of cybersecurity.

There are few things that he will be incapable of doing. And this idea that you're pushing about how security is difficult to fix is absurd. Security is one of the easiest things to do when it comes to computers.

Or better yet, I think it would be a good idea if Trump demanded that the tech companies write a new government approved piece of software and force that to be included in all new installs of computers.

TRUMP CAN DO IT-move that mountain, nothing too hard for him...American workers built Manhattan

Getting the cooperation of the rest of government, not going to work since the downsizing, sabotaging, etc. TRUMP should do it again, "You're fired," and hire those dedicated hard workers who were let go from the last administration back with pay, benefits, all...a United States of American worker.

Re: TRUMP CAN DO IT-move that mountain, nothing too hard for him...American workers built Manhattan

corp MENTALITY

FIX IT, FIX IT NOW..I don't have any idea HOW to do it..BUT, you FIX IT..

Figure out HOW to deal with ISIS...there are a few ways..RESTRICT ALL ACCESS to ALL MUSLIM NATIONS..TAKE everyone's pictures with TRUE ID, and place it in a database..(sounds like driver's lic/ID cards)

PUT UP A FENCE..monitor ALL BORDERS (hmm, sounds like No Man's Land in Korea)

BOMB EVERYTHING...and piss off every other Muslim and other religions in the Area..(hmm, sounds like Vietnam)

HOW about the Mexican Fence...you REALLY want to IMPACT CORPS in the USA?? DROP all tariffs, and FORCE CORPS to only CHARGE EQUAL PRICES for the goods...it would PISS THEM ALL OFF..Paying for a Headlight system at $200-300 and marking it down to $50 would REALLY put a dent in CORPS ideas..

Re: I have the plan Trump is looking for

Not a good plan.

Most of the ISIS members who wear masks are actually White Rental Mercenaries and US Corporate Kill Squads, and killing them all would place ISIS squarely at the feet of The 5 Eyes nations where they actually live. That would be bad PR.

ISIS is the Boogeyman. If you kill the Bogeyman, you remove the thing that creates fear among your peasants.

If your peasants are not afraid, they will become overly interested in exactly how their peace-time taxes are spent by those who are trusted with such things.

That would be bad for the billionaires.

When they are frightened, like in times of war, they never question where their taxes are spent. Status Quo restored. Rich richer, and poor fukt.

Spelling error in headline: It's "the Siber".

As in the Siberian candidate.

You thought Trump was having trouble understanding and saying "the cyber". Not at all. Just his terror of the Freudian slip.

Give my love to Putin, eh?

P.S. I'm not saying that Comey is a Russian mole. I'm saying that there is a high probability that there is at least one mole in the FBI office in NYC and you should start looking in the cabal of FBI agents who threatened Comey back in October... And have a super-nice day!

We all know how this is going to end....

People with a realistic understanding of the subject and the problems that need to be faced, will give a realistic estimate of a timeframe and which goals are damaging or downright impossible to accomplish. People that want to keep their jobs and get promotions regardless of their professional integrity (and people who call it "the cyber") will give a plan they think will please with unrealistic estimates, damaging practices and a solid plan for completely destroying what is left... Guess who will be getting a raise and who will be listened to.

Looking at it with an understanding of the subject and from outside the US, it seems to be a very scary time we are facing in IT. As with Trump and his other policies, I really hope that I will be proven the fool and somehow it will turn out to be good ideas. If that day comes I will be glad to admit my faulty viewpoint and wear a big sign that tells everyone that I was wrong, because being right in these cases, is so much worse.

Did anyone actually read the order?

I did. And speaking as someone who has been doing security since DARPA days, it's a hot mess. It reads as if someone made a list of every buzzword, then attempted to ensure that they used all of them at least one time in the document. Most of it makes no sense at all. Some of it is absurd.

I have no idea what that means, because I don't know what a cyber adversary is or how we're supposed to determine who they are. A decent argument could be made that MI6 is a "cyber adversary" since they spy on the US just like every other nation with the capability does. But since they're a political, military, and economic ally...are they an adversary?

Attribution is hard. REALLY hard. Even when there are obvious clues, it's still hard -- because it's trivial to plant those. We don't actually know who the really good adversaries are because they're the ones we can't identify. And while the three-letter agencies may think they know: I sincerely doubt it. (Consider: countries infiltrate each other's intelligence agencies routinely. So if there's a hack that appears to be coming from China, is it Chinese intelligence or a plant in Chinese intelligence?)

The reports that are generated as a result of this order are going to be the same kind of word salad with a generous topping of platitudes and generic recommendations, because to actually, seriously tackle the problem of figuring out who the adversaries are is a 10-year project. So nobody's going to do that. They're going to spout the usual BS and maybe make some stuff up.

The F-35! It’s “not very good!” It’s “out of control!” It comes at a “tremendous cost!”

10 days after Trump's inauguration:

“The F-35 fighter jet — a great plane by the way, I have to tell you, and Lockheed is doing a very good job as of now,” Trump said Monday at a meeting with small business leaders at the White House. “There were great delays, about seven years of delays, tremendous cost overruns. We’ve ended all of that and we’ve got that program really, really now in good shape, so I’m very proud of that.”

Ban windows

Maybe everyone should just acquiesce to bureaucrats

The reason people think this is hard is they've swallowed the lie that bureaucrats have been feeding them for the last several decades.

There was a time in this nation when hard problems were just SOLVED. People got off their asses and did something instead of passing around some memos and declarations and wondering who was going to actually take care of things.

This guy may be crazy, but telling Washington to get off their asses and fix stuff THEY KNOW IS BROKEN, with consequences for them personally if they don't sounds like a damn good idea to me.

I work in IT, I know you can't wave a wand and fix this stuff, but the answer IS NOT "it hard, we have think 'bout 'pooter too much to make safe" sitting on their thumbs. This stuff does NOT fix itself.

The private sector sees a security problem? They fix it like their asses and hair are on fire. The US Gov't sees a security problem, they argue who gets to be the boss over the project and allow for a 10 year bid process. If they can build surveillance systems quickly that adapt to the modern computing environment regularly, they can sure damn fix the stuff they have. It's a matter of motivation.

(BVTK) Bravatek Solutions INC.

I read on their web site they already have contracts to fix certain military departments' cyber security issues. They were going to do a reverse split until Trump gave them a contract and more are to come by what I am reading on their site. So they will not be doing any reverse splits and their stock prices are expected to go back to their all-time highs and possibly more. (BVTK) Bravatek Solutions INC. This company could end up making all of us investors millions if not trillions of dollars.